The notorious hacker Peace is advertising 200 Million alleged Yahoo accounts on Dark Web, and the company is aware of the sale.
Do you remember the notorious hacker Peace?
He is the hacker that offered for sale the dumps of LinkedIn and MySpace, and now he has once again a surprise for the security experts.
Peace is advertising 200 million of alleged Yahoo user credentials (from “2012 most likely,”) on the dark web. Yahoo is aware of the amazing sale but it hasn’t commented yet. The hacker is offering the data for 3 bitcoins (roughly $1,800).
Peace is advertising the Yahoo login credentials on The Real Deal black marketplace, according to Motherboard that reached the notorious hacker, he has been trading the data privately for some time, but only the sale is public.
The Yahoo security team is currently investigating the event, meantime, it urges its users to use strong passwords, use different passwords for different and enable two-factor authentication when it is available.
The records in the dump contain usernames, MD5-hashed passwords, dates of birth, and sometimes backup email addresses.
At the time I was writing is still unclear if data has been stolen from Yahoo, or it has been collated from other major data leaks.
Motherboard obtained by Peace a small sample of the data composed of 5000 records before it was publicly offered for sale. Experts verified the data and found that most of the two dozen credentials still belong to active accounts.
“This was done by going to the login section of Yahoo, entering the email address, and clicking next; when the email address wasn’t recognised, it was not possible to continue.” wrote Joseph Cox from Motherboard.
Cox also added that when Motherboard attempted to contact over 100 of the addresses included in the sample, many returned as undeliverable.
“This account has been disabled or discontinued,” read one autoresponse to many of the emails that failed to deliver properly, while others read “This user doesn’t have a yahoo.com account.”
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.